httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Gollschewsky <dweb3softw...@darkgate.net>
Subject RE: [users@httpd] server reverts to global config briefly then back to vhost
Date Fri, 30 Apr 2004 10:15:11 GMT
Hi Boyle,

Thanks for your response.  comments below...

Quoting Boyle Owen <Owen.Boyle@swx.com>:

> > -----Original Message-----
> > From: Tim Gollschewsky [mailto:dweb3software@darkgate.net]
> > 
> > All our sites are VirtualHosts, the global "Root" site is not used
> > to serve any content at all.  Due to this, we set its DocumentRoot
> > to be "/var/www/default" which is a directory we deny access to.  No
> > VirtualHost is ever configured without a DocumentRoot, so no request
> > should ever hit this directory.
> > 
> > The problem is:  every now and then, a VirtualHost will send a client
> > request through to this directory!  Its almost as if this apache vhost
> > "temporarily" forgets where its DocumentRoot is, and reverts back to
> > the global one.  Then immediately after, it remembers and all 
> > is back to
> > normal.  But this breaks our client's session and makes them 
> > very unhappy.
> 
> What happens if you access the site without a hostname? eg
> http://192.168.1.1/?

It goes to our first name-based virtual host.

> In this event if you have a list of name-based VHs on this IP, apache
> will not be able to assign the request to *any* of them and so will
> default to the first VH which is listening on this IP. If this VH has an
> inaccessible DR then you'll get the results you describe.

Its accessible.  Its a holding page that says "Welcome to our default
site, you probably typed in an IP address didn't you?  Maybe you meant
to go <a href=http://.../our admin site>here</a>."

That kind of thing.

> The real question is, how come some URLs in the site lead to such a
> request? Could be:
> 
> - one of your customers has explicityl coded such a URL in his pages.
> - there is a link somewhere for an old site which is still in DNS but
> which is no longer configured as a VH.
> - a rewrite rule is generating the URL

Our clients tell us it just happens during normal use.  I wish I could
audit all their sites but thats just impossible.  In fact, I just wish
I could reproduce this problem on my own right now...

> Extend the logging a bit; add %{Host}i to the LogFormat to see what Host
> header the request has.

This could be difficult, it will break our log processing stuff.  I'll
investigate using an alternative log file.

However, I'm pretty sure the correct Host: header is being sent, because
the error_log it uses is the correct one for that vhost.  In fact, in
the global access_log, you can see the vhost identifier as well:

/vhosts/dx00003/logs/www/error_log:[Fri Apr 30 02:20:31 2004] [error] [client
131.194.198.136] client denied by server configuration: /var/www/default
/var/log/www/access_log: dx00003 0 131.194.198.136 - - [30/Apr/2004:02:20:31
+0100] "GET / HTTP/1.1" 302 281 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)

dx00003 is the vhost servername (we use ServerAliases for the full FQDN).

Its just baffling.  How can it know where the error_log for that vhost
is, but not the DocumentRoot.  :(

> Are you implying the behaviour is random? If it can it be reproduced
> then it will be easy to crack...

I agree.  Yes, its totally random.

> BTW, what's the rational behind having an inaccessible default VH? I'd
> probably have a redirect to a "hello world" page..

Well, it should always hit the first names-based vhost (which is
accessable).  We figured this directory should never get hit,but lets
lock it down anyway.  I work for a bank, little paranoia-based things
like that make our auditors happy.

Thanks for your help,

Tim.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message